[Samba] ldap authentication without 'ldap filter' parameter

Norbert Gomes norbert.gomes at orleans-tours.iufm.fr
Wed Feb 8 10:46:04 GMT 2006


Hello

I'm trying to update samba from 3.0.11 to 3.0.21 and I noticed that the 
'ldap filter' paramater has been removed.
After some search, I read that I have to configure nss_ldap. But I don't 
know how to configure it properly to operate with our LDAP database.

Let me explain :

We used the 'ldap filter' parameter like this :
   
    ldap filter = (&(iufmLogin=%u)(gecos=#*))


Our authentication is based on the 'iufmLogin' attribute (we cannot use 
the 'uid' attribute) and the gecos has to start with the '#' character 
for the user to be authenticated.

But my problem is that I can't parameter the /etc/ldap.conf file to use 
these filters.

I tried to put this in the /etc/ldap.conf file :

pam_filter iufmLogin=%s
pam_login_attribute iufmLogin

But the system seems to ignore these filters and it only uses the 'uid' 
attribute when I try the 'getent passwd' command.

Can someone explain me how to do this correctly ?

Thanks


Norbert Gomes




More information about the samba mailing list